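With all the DNS poisoning going on lately, and not fully trusting niche third-party "clean" DNS services, I had no choice but to build my own DNS server.
Note: this approach is outdated; the open-source EasyMosDNS approach below is recommended instead.
Download Overture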
wget https://github.com/shawn1m/overture/releases/download/v1.6/overture-linux-amd64.zip
Install Overture
unzip -d /usr/local/overture overture-linux-amd64.zip
Create the IP/domain lists
cd /usr/local/overture
wget https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt
wget https://raw.githubusercontent.com/zfl9/chinadns-ng/master/chnlist.txt
curl https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt | base64 -d | sort -u | sed '/^$\|@@/d'| sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' | sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /qq\.com/d' | sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' | grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u > /tmp/temp_gfwlist.txt
curl https://raw.githubusercontent.com/hq450/fancyss/master/rules/gfwlist.conf | sed 's/ipset=\/\.//g; s/\/gfwlist//g; /^server/d' > /tmp/temp_koolshare.txt
cat /tmp/temp_gfwlist.txt /tmp/temp_koolshare.txt | sort -u > gfw_all_domain.txt
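The list-building commands above write whatever curl returns straight into gfw_all_domain.txt, so a failed download or an error page silently leaves Overture with an empty or malformed list. The following is an added example, not part of the original post: it checks a freshly built list and only then swaps it into place. The function names, the minimum line count and the strict hostname pattern (the same character set the page's grep filter allows) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# validate_domain_list FILE MIN_LINES
# Succeeds only if FILE is non-empty, has at least MIN_LINES lines, and every
# line is a bare domain: labels of letters, digits and hyphens joined by dots.
validate_domain_list() {
    file=$1
    min=$2
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    count=$(grep -c '' "$file")
    [ "$count" -ge "$min" ] || { echo "only $count lines, want >= $min" >&2; return 1; }
    # A line that is not a bare domain means the download or decode went wrong
    # (HTML error page, truncated base64, leftover rule syntax).
    # grep -c exits 1 when the count is 0, hence the "|| true".
    bad=$(grep -Evc '^[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)+$' "$file" || true)
    [ "$bad" -eq 0 ] || { echo "$bad malformed lines in $file" >&2; return 1; }
}

# install_domain_list NEW DEST MIN_LINES
# Replaces DEST with NEW only if NEW validates. On failure the previous DEST
# is left untouched, so the resolver keeps its last known-good list.
install_domain_list() {
    new=$1
    dest=$2
    min=$3
    validate_domain_list "$new" "$min" || return 1
    tmp="$dest.tmp.$$"
    # Copy next to DEST, then rename: a rename within one directory is atomic,
    # so a reader never sees a half-written list.
    cp "$new" "$tmp" && mv -f "$tmp" "$dest"
}
```

To use it with the commands above, send the final `cat ... | sort -u` output to a temporary file and call, for example, `install_domain_list /tmp/gfw_all_domain.new /usr/local/overture/gfw_all_domain.txt 1000`; the threshold of 1000 is an assumed value to adjust to the list's usual size.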
Create the configuration file
mv config.json /usr/local/overture/config.json.bak
vi config.json
and enter the following content:
{
  "BindAddress": ":53",
  "DebugHTTPAddress": "127.0.0.1:5555",
  "PrimaryDNS": [
    {
      "Name": "DNSPod",
      "Address": "119.29.29.29:53",
      "Protocol": "udp",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "auto",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "AlternativeDNS": [
    {
      "Name": "RubyfishDNS",
      "Address": "ea-dns.rubyfish.cn:853",
      "Protocol": "tcp-tls",
      "SOCKS5Address": "",
      "Timeout": 6,
      "EDNSClientSubnet": {
        "Policy": "disable",
        "ExternalIP": "",
        "NoCookie": true
      }
    }
  ],
  "OnlyPrimaryDNS": false,
  "IPv6UseAlternativeDNS": false,
  "AlternativeDNSConcurrent": false,
  "WhenPrimaryDNSAnswerNoneUse": "PrimaryDNS",
  "IPNetworkFile": {
    "Primary": "/usr/local/overture/china_ip_list.txt",
    "Alternative": "/usr/local/overture/ip_network_alternative_sample"
  },
  "DomainFile": {
    "Primary": "/usr/local/overture/chnlist.txt",
    "Alternative": "/usr/local/overture/gfw_all_domain.txt",
    "Matcher": "full-map"
  },
  "HostsFile": {
    "HostsFile": "/usr/local/overture/hosts_sample",
    "Finder": "full-map"
  },
  "MinimumTTL": 0,
  "DomainTTLFile": "/usr/local/overture/domain_ttl_sample",
  "CacheSize": 0,
  "RejectQType": [255]
}
Open the firewall ports
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --reload
Configure start on boot
vi /etc/systemd/system/overture.service
and enter the following content:
[Unit]
Description=overture
After=network.target

[Service]
ExecStart=/usr/local/overture/overture-linux-amd64 -c /usr/local/overture/config.json
Restart=on-abort

[Install]
WantedBy=multi-user.target
Start the Overture service
systemctl enable overture
systemctl start overture
At this point, a clean DNS server is up and running.
[Updated 2020.03.19]
Overture upgraded to version 1.6
AlternativeDNS switched to Rubyfish DNS